H3C S5500-EI series Operation Manual page 1038

Operation Manual – ACL
H3C S5500-EI Series Ethernet Switches
To do...
Create or modify a
rule
Set a rule
numbering step
Create an IPv6
ACL description
Create a rule
description
Note that:
You will fail to create or modify a rule if its permit/deny statement is exactly the
same as another rule. In addition, if the ACL match order is set to auto rather than
config, you cannot modify ACL rules.
You may use the display acl command to verify rules configured in an ACL. If the
match order for this ACL is auto, rules are displayed in the depth-first match order
rather than by rule number.
Caution:
You can modify the match order of an IPv6 ACL with the acl ipv6 number
acl6-number [ name acl6-name ] match-order { auto | config } command but only
when it does not contain any rules.
The rule specified in the rule comment command must have existed.
3.2.3 Configuration Examples
# Create IPv6 ACL 2000 to permit IPv6 packets with source address
2030:5060::9050/64 to pass while denying IPv6 packets with source address
fe80:5060::8050/96.
<Sysname> system-view
Use the command...
rule [ rule-id ] { deny |
permit } [ fragment |
logging | source
{ ipv6-address
prefix-length |
ipv6-address/prefix-len
gth | any } | time-range
time-name ] *
step step-value
description text
rule rule-id comment
text
3-2
Chapter 3 IPv6 ACL Configuration
Remarks
Required
To create multiple rules, repeat this
step.
Note that the logging and
fragment keywords are not
supported if the ACL is to be
referenced by a QoS policy for
traffic classification.
Optional
The default step is 5.
Optional
By default, no IPv6 ACL description
is present.
Optional
By default, no rule description is
present.